Risk Mitigation

This section will provide you with information on how you can minimize the risk of misuse or fraud in your GSA SmartPay fleet program. The most important thing you can do is to be aware of what activity is occurring on the accounts under your purview. Do not be afraid to ask questions if you identify unusual or suspicious transactions or behavior.

GSA SmartPay Purchase Account Misuse/ Abuse can take many different forms, but here are some of the most common examples:

Purchases exceed the authorized limit. Accounts may be limited to a specific spending limit per transaction, per day, or per monthly billing cycle.

Purchases for which no funding is available. Federal law requires that funds must be available before any government purchase is made.

Using the fleet account for an unauthorized vehicle. Account holders must take steps to ensure the security of their account. This means the fleet account must be used only by an authorized vehicle and only for official government business. If the account holder allows others to use the fleet account, the account holder will be held personally liable to the Government for any unauthorized transactions.

Split Transactions. The FAR limits the dollar threshold for micro-purchases. Any purchase that, as a whole, would exceed the micro-purchase limit but is separated into smaller transactions in order to avoid the micro-purchase limit is considered to be a split transaction.

Products or services that do not meet the government's requirements. Account holders must use discretion when making purchases to ensure that they meet the government's requirements. Due to the wide array of products and services available, there may be occasions when account holders may be requested or tempted to buy luxury or deluxe versions of products and services that exceed the government's actual requirements. For instance, it would be questionable for an account holder to buy a $200 car wash when there are many quality car washes available for $50 or less.

Purchases for personal consumption. All purchases must be for official government use only. Thus, any purchase made that is for the account holder's personal use rather than for official government purposes is considered to be misuse. For example, an account holder who uses the fleet account to buy himself lunch at the gas station because he had no cash available that day is misusing the account.

Purchases that are not authorized by the agency/organization. Your agency/organization may have additional limits on the use of the purchase account, such as limiting certain categories or types of products or services.

Consequences for misuse/abuse may include:

Reprimand;

Counseling;

Suspension of employment;

Termination of employment; and

Criminal prosecution.

Note: Some agencies have agency-specific penalties and consequences for misuse/abuse of the fleet account.

What is fraud?

Fraud is a deception deliberately practiced with the motive of securing unfair or unlawful gain. Fraud can be an attempt to cheat the Federal Government and corrupt its agents by using GSA SmartPay payment solutions for transactions not part of official government business. Like any deception, fraud has its fair share of victims.

Some of the different types of fraud include:

Counterfeit Accounts — To make fake cards, criminals use the newest technology to “skim” information contained on magnetic stripes of cards, and also to pass security features (such as holograms).

Lost or Stolen Accounts — Often physical cards are stolen from an unattended vehicle.

Non-Receipt Fraud — This occurs whenever new or replacement cards are mailed and then stolen while in transit.

“Friends and Family” fraud - an employee steals the card and uses it to fuel personal vehicles or a stranger’s vehicle often in return for a discounted cash price

Phishing — Phishing occurs whenever an account holder receives a fake email directing him or her to enter sensitive personal information on a phony website. The false website enables the criminal to steal information from the account holder.

Skimming - Account information is stolen at the pump

As a program coordinator, you must inform your account holders to:

Be alert to the indicators of fraud (including false charges/ transactions, mischarging, bribes, gratuities, and kickbacks)

Report suspected fraud immediately through the proper channels at your agency (AO, A/OPC, Financial Officer, Office of the Inspector General or Office of Special Investigations)

Note: Any intentional use of the GSA SmartPay fleet account for other than official government business is considered an attempt to commit fraud against the U.S. Government and may be cause for disciplinary actions. The account holder is held personally liable to the Government for the amount of any non-Government transaction. Under 18 U.S.C. 287, misuse of the fleet account could result in fines or imprisonment or both. Military members who misuse the fleet account may be subject to court martial under 10 U.S.C. 932, UCMJ Art. 132.

What should I do if I suspect misuse or fraud?

A key responsibility for most program coordinators is to detect and report suspected misuse. If a situation occurs where you must report suspected misuse, make sure you have all the information necessary to assist with a formal inquiry or investigation. Contact the driver to obtain any information that could explain questionable charges. If the driver provides documentation or an explanation regarding the charges and you still have questions or concerns about it, compile all the information (e.g., statement, exception report, documented contacts between you and the account holder, copies of receipts, etc.) before you report it. Your agency/organization may ask you to report suspected misuse to one or more of the following personnel:

The Approving Official

The Finance Officer

The Office of Inspector General (via the hotline), OR the Office of Special Investigations (for Defense agencies)

Credit limits - Credit limits restrict single, daily, weekly, or monthly expenditures per account. In accordance with agency/organization policy, an A/OPC may set the limits which best meet the agency's needs. Setting limits that are realistic, but not excessive, will deter misuse. By reviewing spending patterns, you may be able to lower limits without disrupting the agency's mission. A/OPCs also have the authority to raise limits at any time in response to emergency or unforeseen situations.

Merchant Category Code (MCC) Blocks - Merchant Category Codes (MCCs) are established by the associations or contractor banks to identify different types of businesses. Merchants select the codes best describing their business. You may limit the types of businesses where the account will be accepted by limiting the MCCs available to the account holder. The contractor bank has established sample templates that may assist you in determining which MCCs should be restricted. In the event that a driver needs to make a purchase outside of his/her restricted MCCs, A/OPCs are authorized to override the restriction for a transaction by contacting the contractor bank's Customer Service Representative. Agency/organization policy should specify who is authorized to perform overrides.

Online Reports - A/OPCs have access to many standard and ad hoc reports online through the contractor bank’s EAS.

Account Deactivation - In those instances when the fleet account is not needed on a continuous basis, deactivation of the account may serve as a deterrent to fraud and/or misuse. You may deactivate the account when an account is not being used. By understanding the use of the account, you can work establish deactivation guidelines. Deactivation and reactivation can be completed through the bank's EAS or by calling the bank's customer service phone number.

In addition, fleet program coordinators can:

Establish policies and procedures to detect fraud, waste and abuse

Emphasise standards of conduct and clearly state consequences for misuse

Manage delinquency and implement proper training

Drivers can:

Double check that they are using the correct card before making a purchase

Keep their Driver ID/ PIN confidential, do not write it on or near the physical card

Ensure pumps are not compromised or opened

Use pumps that face the attendant, they are less likely to have skimming devices installed

Secure the fleet card when stored and don’t leave it in the vehicle or in a place accessible to all

How do these tools make it easier to audit and manage the use of fleet accounts?

By providing electronic reports and transaction files, auditors and agency/organization program managers have immediate access to information such as merchant name, type of merchant, dollar amount of transaction, and date of transaction. These tools make it easier to identify questionable transactions and follow through to ensure that the transactions were proper. In some instances, merchants also provide line item detail of transactions, including quantities, prices and product descriptions. GSA continues to work with the associations to increase availability of line item detail.

What tools does GSA provide to assist agencies/organizations with preventative measures/program management for the fleet program?

GSA developed and hosts online training courses

The annual GSA SmartPay Training Forum for A/OPCs provides training on the bank’s EAS, best practices, and program management.

Free online resources from the GSA SmartPay website to assist purchase A/OPCs in detecting and preventing misuse and fraud.

Printable resources such as Helpful Hints for Fleet Account Use is a card-sized brochure that provides information on the fleet account. This brochure can be ordered on online and can be placed in vehicles with the fleet card.